| <title> |
| Tests the redirect interaction with COOP same-origin-allow-popups. |
| </title> |
| <meta name=timeout content=long> |
| <script src=/resources/testharness.js></script> |
| <script src=/resources/testharnessreport.js></script> |
| <script src=/common/get-host-info.sub.js></script> |
| <script src="/common/utils.js"></script> |
| <script src="../resources/dispatcher.js"></script> |
| <script> |
| |
| const directory = "/html/cross-origin-opener-policy/reporting"; |
| const executor_path = directory + "/resources/executor.html?pipe="; |
| const same_origin = { |
| host: get_host_info().HTTPS_ORIGIN, |
| name: "Same origin" |
| }; |
| const cross_origin = { |
| host: get_host_info().HTTPS_REMOTE_ORIGIN, |
| name: "Cross origin" |
| }; |
| const coep_header = '|header(Cross-Origin-Embedder-Policy,require-corp)'; |
| |
| // Tests the redirect interaction with COOP same-origin-allow-popups and |
| // reporting: |
| // 1 - open the opener document on origin same_origin wit COOP |
| // same-origin-allow-popups. |
| // 2 - opener opens popup with document on origin popup_origin, no COOP and a |
| // redirect header (HTTP 302, location). |
| // 3 - redirection to a document with origin same_origin and COOP |
| // same-origin-allow-popups. |
| // |
| // The navigation (2) to the first document of the popup stays in the same |
| // browsing context group due to the same-origin-allow-popups COOP of the |
| // opener. |
| // The redirect (3) to the final document does since it compares the |
| // popup_origin/unsafe-none document with the |
| // same-origin/same-origin-allow-popups document. |
| // |
| // A opens B, B redirects to C. |
| // |
| // Document Origin COOP |
| // -------- ------------ ------------------------ |
| // A same-origin same-origin-allow-popups |
| // B popup-origin unsafe-none |
| // C same-origin same-origin-allow-popups |
| function redirect_test( popup_origin ) { |
| promise_test(async t => { |
| // The test window. |
| const this_window_token = token(); |
| |
| // The "opener" window. This has COOP same-origin-allow-popups and a |
| // reporter. |
| const opener_report_token= token(); |
| const opener_token = token(); |
| const opener_reportTo = reportToHeaders(opener_report_token); |
| const opener_url = same_origin.host + executor_path + |
| opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader + |
| `&uuid=${opener_token}`; |
| |
| // The "openee" window. |
| // The initial document does not have COOP and is on popup_origin, it |
| // redirects to a same-origin (with the opener) document with COOP |
| // same-origin-allow-popups. |
| const openee_token = token(); |
| const openee_redirect_url = same_origin.host + executor_path + |
| opener_reportTo.header + opener_reportTo.coopSameOriginAllowPopupsHeader + |
| `&uuid=${openee_token}`; |
| const redirect_header = 'status(302)' + |
| `|header(Location,${encodeURIComponent( |
| openee_redirect_url |
| .replace(/,/g, "\\,") |
| .replace(/\\\\,/g, "\\\\\\,") |
| .replace(/\(/g, "%28") |
| .replace(/\)/g, "%29"))})`; |
| const openee_url = popup_origin.host + executor_path + redirect_header + |
| `&uuid=${openee_token}`; |
| // 1. Create the opener window. |
| let opener_window_proxy = window.open(opener_url); |
| t.add_cleanup(() => send(opener_token, "window.close()")); |
| |
| // 2. The opener opens its openee. |
| send(opener_token, ` |
| openee = window.open("${openee_url}"); |
| `); |
| t.add_cleanup(() => send(openee_token, "window.close()")); |
| |
| // 3. Check the opener status on the openee. |
| send(openee_token, ` |
| send("${this_window_token}", opener !== null); |
| `); |
| assert_equals(await receive(this_window_token), "false", "opener"); |
| |
| // 4. Check the openee status on the opener. |
| send(opener_token, ` |
| send("${this_window_token}", openee.closed); |
| `); |
| assert_equals(await receive(this_window_token), "true", "openee.closed"); |
| |
| // 5. Check a report sent to the openee. |
| let report = await receiveReport( |
| opener_report_token, |
| "navigation-to-response"); |
| assert_equals(report.type, "coop"); |
| assert_equals(report.body.disposition, "enforce"); |
| assert_equals(report.body.effectivePolicy, "same-origin-allow-popups"); |
| }, `${popup_origin.name} openee redirected to same-origin with same-origin-allow-popups`); |
| } |
| |
| redirect_test(same_origin); |
| redirect_test(cross_origin); |
| </script> |